Description
phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread, which allows remote attackers to hijack the session via a post in the thread containing a URL to a remotely hosted image, which might include the session ID in the Referer header.
Vulnerable configurations
Configuration 1
cpe:2.3:a:phpbb:phpbb:2.0.23:*:*:*:*:*:*:*
EPSS
Percentile: 62%
0.0043
Low
6.8 Medium
CVSS2
Weaknesses
CWE-200
Related vulnerabilities
debian
more than 16 years ago
phpBB 2.0.23 includes the session ID in a request to modcp.php when th ...
github
more than 3 years ago
phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread, which allows remote attackers to hijack the session via a post in the thread containing a URL to a remotely hosted image, which might include the session ID in the Referer header.